Guang Gong @oldfresher
Joined August 2014 | Tweets 200 | Followers 4K | Following 266 | Likes 69
Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…
Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab #CVE-2025-24200 👉 blog.quarkslab.com/first-analysis…
ChatGPT Account Takeover - Wildcard Web Cache Deception : nokline.github.io/bugbounty/2024… credits @H4R3L Ref : Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT : shockwave.cloud/blog/shockwave…
Exploiting ML models with pickle file attacks: Part 2 blog.trailofbits.com/2024/06/11/exp…
Exploiting ML models with pickle file attacks: Part 1 blog.trailofbits.com/2024/06/11/exp…
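The Telegram RCE from a few days ago is probably this one: because of a typo, the TG desktop client wrote the Python zipapp extension pyzw as pywz (.pyzw is an executable file on Windows), so the TG client shows no security warning when opening such a file and directly executes the specified file. Thanks to @VulkeyChen for providing the material. GitHub link: github.com/telegramdeskto…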
We uploaded a backdoored AI model to @huggingface which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies thehackernews.com/2024/04/google…
Seems that folks successfully achieved working RCE w/ a previous RTF/Win exploit! This is expected as #MonikerLink is a powerful attack vector (delivering exp) on Outlook - it bypasses Protected View too! Now u have more reasons to PATCH & GET PROTECTED!
KernelGPT: Enhanced Kernel Fuzzing via Large Language Models A paper by @cy1yang et al. about using the GPT4 LLM neural network for automatically generating syzkaller descriptions. arxiv.org/pdf/2401.00563…
8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe securityaffairs.co/wordpress/1347…
A new user on the Russian cybercrime forum Exploit just posted a video claiming to show a zero-day, remote code execution exploit in Google's latest Chrome browser running on Windows 10. Asking price: $2M. h/t @HoldSecurity
Double fetch vulnerabilities in C and C++ have been known for some time, but have varying types & causes, requiring different approaches for detection & mitigation This whitepaper (by @N1ckDunn) summarizes different manifestations & fixes of double fetch research.nccgroup.com/2022/03/28/whi…
Racing against the clock -- hitting a tiny kernel race window googleprojectzero.blogspot.com/2022/03/racing…
A case study in early-stage startup execution wave.com/en/blog/early-…
It's really a complicated bug, Google takes so long to fix it.
Security: JSON.stringify leaks TheHole value, leading to RCE crbug.com/1263462
Here are the slides from the "Attacking JavaScript Engines in 2022" talk by @itszn13 and myself @offensive_con. It's a high-level talk about JS, JIT, various bug classes, and typical exploitation flows but with lots of references for further digging! saelo.github.io/presentations/…
#hosselot_tips Q: How to develop a browser fuzzer? A: developing a browser fuzzer is tricky. Run and study publicly available browser fuzzers (domato, fuzzilli, ...) and try to modify/hack them until you get experienced. Here is a good example: blog.redteam.pl/2019/12/chrome…
